Does Profile Manager for iOS Need to be Accessible over the Internet?
04-10-2020
Question
We're replacing our BlackBerry handsets with iPhones, and we'll be using OS X's Profile Manager for MDM deployment and management.
I've done some exploratory research and I'm happy with the general principles, but I'm wondering if the MDM server needs to be publicly accessible for remote management of iPhones, or is the functionality exposed via the carrier?
Solution
The MDM server does need to be available to the device, but Profile Manager itself does not. In other words, the ability to access the Profile Manager doesn't need to be present on the device, providing the literal MDM server is accessible.
OTHER TIPS
The MDM server only needs to be publicly available if you want to send commands to the devices while they are not on your LAN. Using a solution like Casper, you can have a piece of the MDM (a limited access server) in the DMZ, while the fully functional Casper server is behind your firewall.
Communication with Profile Manager/MDM is a three-way conversation. The devices need to be able to communicate with the MDM server (Profile Manager) and Apple's servers to receive commands. The MDM server also needs to be able to communicate with Apple to tell its devices to check in with the MDM server.